WO2006064318A1 - Procede d'ecriture securisee dans une memoire contre des attaques par rayonnement ou par d'autres moyens - Google Patents

Procede d'ecriture securisee dans une memoire contre des attaques par rayonnement ou par d'autres moyens Download PDF

Info

Publication number
WO2006064318A1
WO2006064318A1 PCT/IB2005/003476 IB2005003476W WO2006064318A1 WO 2006064318 A1 WO2006064318 A1 WO 2006064318A1 IB 2005003476 W IB2005003476 W IB 2005003476W WO 2006064318 A1 WO2006064318 A1 WO 2006064318A1
Authority
WO
WIPO (PCT)
Prior art keywords
write
log
data
atomic
writes
Prior art date
Application number
PCT/IB2005/003476
Other languages
English (en)
Inventor
Nicolas Giraud
Original Assignee
Axalto Sa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Axalto Sa filed Critical Axalto Sa
Publication of WO2006064318A1 publication Critical patent/WO2006064318A1/fr

Links

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C16/00Erasable programmable read-only memories
    • G11C16/02Erasable programmable read-only memories electrically programmable
    • G11C16/06Auxiliary circuits, e.g. for writing into memory
    • G11C16/10Programming or data input circuits
    • G11C16/102External programming circuits, e.g. EPROM programmers; In-circuit programming or reprogramming; EPROM emulators
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C16/00Erasable programmable read-only memories
    • G11C16/02Erasable programmable read-only memories electrically programmable
    • G11C16/06Auxiliary circuits, e.g. for writing into memory
    • G11C16/10Programming or data input circuits
    • G11C16/102External programming circuits, e.g. EPROM programmers; In-circuit programming or reprogramming; EPROM emulators
    • G11C16/105Circuits or methods for updating contents of nonvolatile memory, especially with 'security' features to ensure reliable replacement, i.e. preventing that old data is lost before new data is reliably written
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C16/00Erasable programmable read-only memories
    • G11C16/02Erasable programmable read-only memories electrically programmable
    • G11C16/06Auxiliary circuits, e.g. for writing into memory
    • G11C16/22Safety or protection circuits preventing unauthorised or accidental access to memory cells

Definitions

  • This invention concerns a method and a device to secure an electronic assembly implementing a program to be protected. More precisely, the purpose of the method is to propose a defence against attacks by radiation, flash, light, laser, glitch or other and more generally against any attack disturbing the execution of the program instructions. These attacks modify the instructions to be executed, resulting in non-execution or incorrect execution of certain parts of the program.
  • a program When a program is executed by a microprocessor, attacks for example by injecting faults via laser, glitch or electromagnetic radiation modify the instruction codes executed by the processor: the program instructions may be replaced by instructions producing a different effect. Consequently, a security processing sequence in an operating system for smart cards may be made inoperative by an attacker. Applied during an instruction sequence designed to write in non volatile memory of the card, these attacks may disable security writes used, for example, to count a number of incorrect authentications. Through this type of attack, the attacker also prevents the card from storing security-related events.
  • one solution consists in setting flags in a byte of the RAM (Random Access Memory) at regular intervals and in checking, at a particular point in the execution of the software, that all flags which should be set have actually been set. Setting up this type of defence is tedious, however, since specific volatile memory areas must be allocated and processing added in the code to be protected, wherever this is required. In addition, since attacks of this type are becoming shorter and more precise, the known solutions are becoming less effective. Firstly, the attack may be too short to have any effect on the setting of flags: the flags in RAM may indicate to the program that all writes have been made correctly, even if this is not the case. Secondly, the flag verification software may itself be disturbed.
  • One purpose of this invention is to protect all writes contained in the program.
  • Another purpose of this invention is to propose efficient protection even for very short attacks.
  • This invention concerns a method to secure the write in storage means of an electronic assembly comprising information processing means, said method comprising an atomic write process to write data recorded in a write log, characterised in that it consists in checking a sequence of atomic writes in said storage means by setting in said write log one or more indicators in memory as proof of one of more successive writes recorded in said log.
  • This invention also concerns an electronic module in which said method is implemented, a card comprising said module and a program to implement said method.
  • - figure 1 is a diagrammatic representation of an example of a device in which the method according to this invention is implemented;
  • - figure 2 is a diagrammatic representation of the content of part of the memory of a device in which the known atomic write process is implemented;
  • FIG. 3 is a graph representing the various steps of a known atomic write process
  • FIG. 4 is a graph representing the various steps of one form of realisation of the method according to this invention.
  • FIG. 5 is a diagrammatic representation of the content of part of the memory of a device according to a first form of realisation in which the method according to this invention is implemented;
  • FIG. 6 is a diagrammatic representation of the content of part of the memory of a device according to a second form of realisation in which the method according to this invention is implemented.
  • the purpose of the method according to the invention is to secure an electronic assembly and for example a portable object such as a smart card implementing a program.
  • the electronic assembly comprises at least processing means such as a processor and storage means such as a memory.
  • the program to be secured is installed in the memory, for example ROM (Read Only Memory) type, of said assembly.
  • the electronic assembly described below corresponds to an onboard system comprising an electronic module 1 illustrated on figure L
  • This type of module is generally realised as a monolithic integrated electronic microcircuit, or chip, which once physically protected by any known means can be assembled on a portable object such as for example a smart card, microcircuit or integrated circuit card (microprocessor card, etc.) or other card which can be used in various fields.
  • the electronic module 1 comprises a microprocessor CPU 3 with a two-way connection via an internal bus 5 to a non volatile memory 7 of type ROM, EEPROM (Electrical Erasable Programmable Read Only Memory), Flash, FeRam or other containing the program PRO 9 to be executed and a transaction buffer 10 containing a write log used for temporary data storage, a volatile memory 11 of type RAM, input/output means I/O 13 to communicate with the exterior.
  • EEPROM Electrical Erasable Programmable Read Only Memory
  • Flash Flash
  • FeRam or other containing the program PRO 9 to be executed
  • a transaction buffer 10 containing a write log used for temporary data storage
  • a volatile memory 11 of type RAM volatile memory 11 of type RAM
  • input/output means I/O 13 to communicate with the exterior.
  • the method according to the invention consists in checking that each write in non volatile memory while executing the program 9 is executed correctly.
  • the method according to the invention consists in checking the atomic write of data in non volatile memory by setting in a write log, when executing a program 9, an indicator in memory as proof of a write.
  • the "write log” means the list of all write operations to be made atomically on the memory, the log containing control data and/or data to be written and/or any other type of information.
  • a sequence of "atomic” writes means all writes recorded in the write log such that, if the log is validated (sequence closed), all the writes are made, even in the event of attack; if the log is not validated, none of said writes is made.
  • writing the indicator in memory is made atomic with the write of the planned data in the write log.
  • Each write in the log and the indicator are atomic, so the fact that the proof indicator is in memory guarantees that the data has actually been written. By checking that the proof indicator is present, the program ensures a posteriori that the write was made. If the write was not made, various measures can then be taken, such as, for example, triggering by program 9 of a security defence, interruption of program execution or setting of a fraud indicator in non volatile memory 7 to indicate that a fraudulent attack has taken place and for example to prohibit any future use of the operating system.
  • the methods used to make several atomic writes in the memory and more especially in the non volatile memory 7 of a microprocessor card as an anti-tearing mechanism are known. They use for example, as shown on figure 2, the transaction buffer 10; the transaction buffer 10 is located in the non volatile memory 7 and acts as log for the writes to be made.
  • the known atomic write process may consist of the following sequence (refer to figure 3):
  • step A After opening the atomic session (step A), for each write (step B), the process consists in creating (step C) an entry in the write log of the transaction buffer 10 comprising the control data (Control Data) (address
  • AdM AdM , Adr2, Adr3 length of useful data, L1 , L2, L3 ) and the useful data (Data) (Datai , Data2, Data3, ...) (see figure 2).
  • step D When closing the atomic session (step D) 1 the process validates the transaction buffer to indicate that it contains an atomic write sequence. The method then consists in reading (steps E, G) each entry in the log and making, then checking the corresponding write, repeating each incorrect write (step F). Then in step H, the method invalidates the transaction buffer to indicate that it contains no atomic write sequence.
  • step E If the writes of the atomic sequence are interrupted, the process resumes at step E as long as the transaction buffer has not been invalidated.
  • This type of atomic write process protects against an interruption in the atomic session in progress: it guarantees that either the writes recorded in the write log of the transaction buffer are ignored and none of the writes recorded is made if the session has not been closed; or all the writes recorded in the log of the transaction buffer are made if the session has been closed.
  • the method according to this invention therefore consists in combining the known atomic data write process with the write of a write indicator.
  • the indicator is entered in the write log.
  • the data and indicator writes are made atomic...
  • the mode of realisation of this invention described below and illustrated on figure 4 combines the atomicity process like that described above and a counter acting as indicator of the successive writes in non volatile memory during a command, and for example a counter of the number of writes which is incremented on each new write.
  • the value (Counter) of the write counter (C1 , C2, C3) in EEPROM is included in the block of control data of the write log of the atomicity process (Control Data).
  • the value of the write counter is included in the atomicity data of the write log of the atomicity process (Atomicity Data).
  • the counter is incremented (step C- figure 4) and the control and atomicity data are updated in the same block, under the protection of a checksum (CKS1 , CKS2, CKS3 on figure 5 or CKS on figure 6, depending on the form of realisation) on part or all of the data (step C).
  • the counter is incremented on each new write in the atomic session.
  • the atomicity process guarantees that once the atomic session has been closed, all the writes recorded in the log will be made completely. This mode of realisation guarantees that each incrementation of the counter is atomic with the corresponding write in the log.
  • each incrementation of the counter during the atomic session corresponds to a write actually made when closing the atomic session.
  • step C after opening the atomic session, on each new write, i.e. on each new entry in the write log of the transaction buffer 10, the counter is incremented (step C).
  • the new value of the counter is written with the control data of the entry concerned (C1 , figure 5) or in the atomicity data (Ci, figure 6).
  • the value of the counter before opening the atomic session is stored in the atomicity data (C, figure 6).
  • the value of the counter is compared with the expected value and if they match and the other checks planned in the known atomic write processes are also correct, the buffer is validated.
  • the value of the counter C before opening the session is then assigned the value of the counter at closure.
  • This form of realisation implementing a counter provides a means of checking during program execution and/or when closing the atomic session that the writes planned in the log have been made by comparing the actual value of the counter with the expected value.
  • the method according to the invention consists in incrementing said counter and making each atomic write simultaneously. If an attack occurs during the write, the write will not be made correctly, the counter will not be incremented and the value of the counter will be different from the expected value; the attack is therefore detected and a specific action is carried out by the program or the processor.
  • Two methods can be used to make the recording of a new write in the write log of the transaction buffer and the incrementation of the write counter in non volatile memory atomic: the counter is placed in the same block as all or some of the control and/or atomicity data and/or the useful data of the atomicity process; and/or the counter and all or some of the control and/or atomicity data and/or the useful data are protected by the same checksum which validates this write, either of the two methods alone is sufficient to guarantee atomicity.
  • the writes in the non volatile memory 7 of type EEPROM generally encountered in smart cards are made in blocks (usually 64 or 128 bytes). All the bytes programmed in a given block are written simultaneously, making the write of several bytes in the same block atomic.
  • the programming duration is the same, whether for a single byte in the block or for all bytes in the block, of the order of 1 to 5 ms. This duration must be multiplied by the number of blocks to be written.
  • Atomicity can be achieved by using this intrinsic property of EEPROM.
  • the method according to the invention consists according to the second method in calculating a checksum (CKS1 , CKS2, CKS3 on figure 5, CKS on figure 6) on the value of the counter and on all or some of the control and/or atomicity data and/or the useful data and making the write in the log simultaneously and in writing the value obtained for the checksum in the log.
  • the method according to the invention then consists in verifying the checksum by comparing it with the precalculated value written in memory.
  • the checksum may concern the indicator and all or some of the useful data, and/or one or more items of atomicity data and/or one or more items of control data depending on the form of realisation chosen.
  • the protection of the write counter and of the control data by a checksum guarantees the efficiency of the mechanism with any non volatile memory and for example with memory types other than EEPROM.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)

Abstract

L'invention concerne un procédé de sécurisation d'écriture dans des moyens de mémoire d'un ensemble électronique comprenant des moyens de traitement d'information, ledit procédé comprenant un processus d'écriture atomique visant à écrire des données enregistrées dans un journal d'écriture. Le procédé consiste à contrôler une séquences d'écrits atomiques dans lesdits moyens de mémoire, en établissant dans ledit journal d'écriture, un ou plusieurs indicateurs dans une mémoire, en tant que contrôle d'une ou de plusieurs écritures successives enregistrées dans ledit journal. L'invention concerne également le module électronique dans lequel ledit procédé est mis en oeuvre, ainsi que la carte comprenant ledit module.
PCT/IB2005/003476 2004-12-13 2005-11-21 Procede d'ecriture securisee dans une memoire contre des attaques par rayonnement ou par d'autres moyens WO2006064318A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP04292970.3 2004-12-13
EP04292970A EP1670000A1 (fr) 2004-12-13 2004-12-13 Procédé de sécurisation de l'écriture en mémoire contre des attaques par rayonnement ou autres.

Publications (1)

Publication Number Publication Date
WO2006064318A1 true WO2006064318A1 (fr) 2006-06-22

Family

ID=34931596

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/003476 WO2006064318A1 (fr) 2004-12-13 2005-11-21 Procede d'ecriture securisee dans une memoire contre des attaques par rayonnement ou par d'autres moyens

Country Status (2)

Country Link
EP (1) EP1670000A1 (fr)
WO (1) WO2006064318A1 (fr)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8468294B2 (en) 2009-12-18 2013-06-18 Sandisk Technologies Inc. Non-volatile memory with multi-gear control using on-chip folding of data
US8842473B2 (en) 2012-03-15 2014-09-23 Sandisk Technologies Inc. Techniques for accessing column selecting shift register with skipped entries in non-volatile memories
US8897080B2 (en) 2012-09-28 2014-11-25 Sandisk Technologies Inc. Variable rate serial to parallel shift register
US9076506B2 (en) 2012-09-28 2015-07-07 Sandisk Technologies Inc. Variable rate parallel to serial shift register
US9224502B1 (en) 2015-01-14 2015-12-29 Sandisk Technologies Inc. Techniques for detection and treating memory hole to local interconnect marginality defects
US9269446B1 (en) 2015-04-08 2016-02-23 Sandisk Technologies Inc. Methods to improve programming of slow cells
US9342446B2 (en) 2011-03-29 2016-05-17 SanDisk Technologies, Inc. Non-volatile memory system allowing reverse eviction of data updates to non-volatile binary cache
US9490035B2 (en) 2012-09-28 2016-11-08 SanDisk Technologies, Inc. Centralized variable rate serializer and deserializer for bad column management
US9564219B2 (en) 2015-04-08 2017-02-07 Sandisk Technologies Llc Current based detection and recording of memory hole-interconnect spacing defects
US9748001B2 (en) 2009-07-06 2017-08-29 Sandisk Technologies Llc Bad column management with bit information in non-volatile memory systems
US9934872B2 (en) 2014-10-30 2018-04-03 Sandisk Technologies Llc Erase stress and delta erase loop count methods for various fail modes in non-volatile memory
US10032524B2 (en) 2015-02-09 2018-07-24 Sandisk Technologies Llc Techniques for determining local interconnect defects

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4507751A (en) * 1982-06-21 1985-03-26 International Business Machines Corporation Method and apparatus for logging journal data using a log write ahead data set
US5532463A (en) * 1993-05-26 1996-07-02 Solaic (Societe Anonyme) Process for making secure the writing of sensitive data into the EEPROM data storage memory of a memory card and a memory card for use in the process
FR2742893A1 (fr) * 1995-12-20 1997-06-27 Schlumberger Ind Sa Procede d'inscription d'une donnee dans une memoire reinscriptible
US5715431A (en) * 1993-04-13 1998-02-03 Mondex International Limited Tamper proof security measure in data writing to non-volatile memory

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4507751A (en) * 1982-06-21 1985-03-26 International Business Machines Corporation Method and apparatus for logging journal data using a log write ahead data set
US5715431A (en) * 1993-04-13 1998-02-03 Mondex International Limited Tamper proof security measure in data writing to non-volatile memory
US5532463A (en) * 1993-05-26 1996-07-02 Solaic (Societe Anonyme) Process for making secure the writing of sensitive data into the EEPROM data storage memory of a memory card and a memory card for use in the process
FR2742893A1 (fr) * 1995-12-20 1997-06-27 Schlumberger Ind Sa Procede d'inscription d'une donnee dans une memoire reinscriptible

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"WRITE ATOMICITY WITH STORAGE HARDWARE", IBM TECHNICAL DISCLOSURE BULLETIN, IBM CORP. NEW YORK, US, vol. 33, no. 2, 1 July 1990 (1990-07-01), pages 422 - 425, XP000123669, ISSN: 0018-8689 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9748001B2 (en) 2009-07-06 2017-08-29 Sandisk Technologies Llc Bad column management with bit information in non-volatile memory systems
US8468294B2 (en) 2009-12-18 2013-06-18 Sandisk Technologies Inc. Non-volatile memory with multi-gear control using on-chip folding of data
US9342446B2 (en) 2011-03-29 2016-05-17 SanDisk Technologies, Inc. Non-volatile memory system allowing reverse eviction of data updates to non-volatile binary cache
US8842473B2 (en) 2012-03-15 2014-09-23 Sandisk Technologies Inc. Techniques for accessing column selecting shift register with skipped entries in non-volatile memories
US8897080B2 (en) 2012-09-28 2014-11-25 Sandisk Technologies Inc. Variable rate serial to parallel shift register
US9076506B2 (en) 2012-09-28 2015-07-07 Sandisk Technologies Inc. Variable rate parallel to serial shift register
US9490035B2 (en) 2012-09-28 2016-11-08 SanDisk Technologies, Inc. Centralized variable rate serializer and deserializer for bad column management
US9934872B2 (en) 2014-10-30 2018-04-03 Sandisk Technologies Llc Erase stress and delta erase loop count methods for various fail modes in non-volatile memory
US9224502B1 (en) 2015-01-14 2015-12-29 Sandisk Technologies Inc. Techniques for detection and treating memory hole to local interconnect marginality defects
US10032524B2 (en) 2015-02-09 2018-07-24 Sandisk Technologies Llc Techniques for determining local interconnect defects
US9269446B1 (en) 2015-04-08 2016-02-23 Sandisk Technologies Inc. Methods to improve programming of slow cells
US9564219B2 (en) 2015-04-08 2017-02-07 Sandisk Technologies Llc Current based detection and recording of memory hole-interconnect spacing defects

Also Published As

Publication number Publication date
EP1670000A1 (fr) 2006-06-14

Similar Documents

Publication Publication Date Title
WO2006064318A1 (fr) Procede d'ecriture securisee dans une memoire contre des attaques par rayonnement ou par d'autres moyens
JP5114617B2 (ja) 秘密鍵を保護する、セキュア端末、プログラム、および方法
US6202176B1 (en) Method of monitoring the correct execution of software programs
US6453397B1 (en) Single chip microcomputer internally including a flash memory
US20080022396A1 (en) Memory data protection device and IC card LSI
US20080181407A1 (en) Method for protecting a control device against manipulation
US8375253B2 (en) Detection of a fault by long disturbance
CN106845289A (zh) 一种安全芯片及其非易失性存储控制装置、方法
CN112970019A (zh) 用于加强硬件辅助内存安全的装置和方法
CN105718208A (zh) Flash程序存储器保护设计方法与硬件实现装置
US20060289656A1 (en) Portable electronic apparatus and data output method therefor
EP1739519A1 (fr) Procédé de sécurisation de l'exécution d'un programme contre les attaques par rayonnement ou autres
RU2467390C2 (ru) Способ и устройство для безопасного хранения и для безопасного считывания полезных данных
US7207066B2 (en) Method for protecting a microcomputer system against manipulation of data stored in a storage arrangement of the microcomputer system
KR930004944B1 (ko) 데이타 저장용 메모리 시스템을 구비하는 집적회로
CN112149065B (zh) 一种软件防御故障注入方法
JPH1083294A (ja) プログラミング装置を介してプログラミング可能な記憶装置を備えた制御装置の作動方法
CN104573509A (zh) 系统时间防护方法和装置
US20190212930A1 (en) Data storage chip and data access method
US7806319B2 (en) System and method for protection of data contained in an integrated circuit
CN113434247B (zh) 一种java卡虚拟机的安全防护方法
CN113626805B (zh) 基于risc-v与不可执行内存的缓冲区溢出攻击防御方法及系统
CN116628767B (zh) 一种预防系统启动后flash系统固件攻击方法及flash控制器
US20120131634A1 (en) Method of executing an application embedded in a portable electronic device
WO2006090231A2 (fr) Procede d'ecriture en memoire securisee de protection contre les rayonnements ou autres elements semblables

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05803775

Country of ref document: EP

Kind code of ref document: A1